The targeted strike lasted about 25 minutes. 7:45 AM to 8:10 AM, Tuesday morning, Panhellenic SSO Identity and Authorization Service. Schoolboy The network received traffic in excess of the norm.
Apparently, another DDoS attack of the “denial of service” type has occurred. However, this service did not collapse. The attackers who had disabled the Education Policy Institute’s Theme Bank a day earlier were now looking for another vulnerable point to continue their malicious work.
The single sign-on service is also used by Theme Bank, so they obviously thought it would be another easy target. However, the security systems already operating there, apparently, adequately responded to the danger.
According to published data, Topic Bank platform received massive visits yesterday (up to 280,000 per second). Today’s new joint statement from the Ministries of Education and Digital Governance states that the platform received 165 million visits from 114 countrieshowever, without specifying the time duration of this number of hits, if they correspond to visits per second or minute.
“This is the largest attack ever carried out on a Greek state organization.“, – the corresponding message says.
The network security experts K spoke to explain that the attack was neither “unprecedented” nor “megaton.” For example, in February last year, Cloudflare, one of the international services for preventing DDoS attacks, announced that it had managed to stop a similar event that exceeded 71 million connection requests per second.
DDoS attacks are extremely common and do not necessarily require special knowledge. They are also usually provided on the dark web as a service for purchase, the cost of which is formed by the parameters that the moral criminals are willing to set (the size of the hit, as well as its duration).
A denial-of-service attack usually does not involve a breach of network data. Its main purpose is to disable the service, i.e. block access to it. For example, someone overloads the call center with virtual calls and cannot answer real users.
In 2020, a contract was concluded to combat potential threats of distributed denial of service (DDoS) attacks on government websites. According to K, each public organization can act independently and decide for itself how and with what it will protect its systems. In December of that year, the use of the same service, AKAMAI (to combat DDoS attacks) and the Education Policy Institute Theme Bank, was reportedly discussed, but in the end, it did not seem to move forward. What is the reason, in “K” is not specified.
It is still unknown what security tools or systems were used at Topic Bank until yesterday to be ready in the event of a DDoS-type cyber attack. However, on Monday, after a request for help from the National Cyber Security Administration, the decision was made to place the system under the control of AKAMAI. The process began at night and included a series of actions that had to be carried out over time to provide the necessary protection.
Essentially, similar types of services like AKAmai and Cloudflare can separate the bulk requests a website receives so as not to block denial of service attacks.
The question is whether this attack on the Subject Bank could have been prevented in time to avoid this impact, and whether simulations were carried out to see what kind of traffic load his system could withstand.
Source: Kathimerini
Ashley Bailey is a talented author and journalist known for her writing on trending topics. Currently working at 247 news reel, she brings readers fresh perspectives on current issues. With her well-researched and thought-provoking articles, she captures the zeitgeist and stays ahead of the latest trends. Ashley’s writing is a must-read for anyone interested in staying up-to-date with the latest developments.